Basic firewall rules (iptables) + cheat sheet
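# BASIC RULES
# Minimal IPv4 host firewall: accept loopback, replies to existing
# connections and inbound SSH, then drop everything else that arrives or
# would be forwarded. Outbound traffic stays unrestricted.
#
# Order matters when this is run over SSH: the ACCEPT rules must be loaded
# before the INPUT policy switches to DROP, or the current session is cut off.
# -A always appends, so running this block twice leaves duplicate rules.
#
# iptables filters IPv4 only. IPv6 is handled by ip6tables, which nothing on
# this page configures, so IPv6 keeps whatever rules and policy it already has.

# Loopback traffic (local processes talking to each other).
sudo iptables -A INPUT -i lo -j ACCEPT
# Return traffic for connections that are already tracked. The older
# `-m state --state RELATED,ESTABLISHED` form matches the same packets, so a
# second rule using it would never be reached and is not added.
sudo iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Inbound SSH from any source address. Add `-s <admin-cidr>` (placeholder) to
# limit who can reach the daemon.
sudo iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
# Default policies: anything not accepted above is dropped on INPUT and
# FORWARD; OUTPUT is left open.
sudo iptables -P INPUT DROP
sudo iptables -P FORWARD DROP
sudo iptables -P OUTPUT ACCEPT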
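# save iptables
# Persist the running rule set across reboots (Debian/Ubuntu, apt-based).
# debconf helper package, installed before pre-seeding the answers below.
sudo apt-get -y install debconf-utils
# Pre-answer the iptables-persistent install prompts so the install does not
# stop to ask. autosave_v4/autosave_v6 = true makes the package save the rules
# that are live at install time. The IPv6 answer saves the current ip6tables
# rules as they are; this page never configures them, so review them first.
echo "iptables-persistent iptables-persistent/autosave_v4 boolean true" | sudo debconf-set-selections
echo "iptables-persistent iptables-persistent/autosave_v6 boolean true" | sudo debconf-set-selections
sudo apt-get -y install iptables-persistent
# Save again explicitly, so rules added after the package install are kept.
# Current releases provide the save command as `netfilter-persistent`; older
# ones only have the `iptables-persistent` service, so fall back to it.
sudo netfilter-persistent save || sudo service iptables-persistent save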
# CHEAT SHEET
# The examples in this section are written without sudo; iptables needs root,
# so run them from a root shell or prefix them with sudo.
## Display rules
# -S prints each rule in the same form as the command that would create it.
iptables -S
# -L lists the chains; --line-numbers adds each rule's position in its chain,
# which is the number that -I takes.
iptables -L --line-numbers
## Insert in line number 6
# -I puts the rule at position 6 of INPUT and shifts later rules down. Rules
# are checked top to bottom and the first match decides, so the position
# determines whether an earlier rule shadows this one. The command fails if
# INPUT holds fewer than 5 rules. This example accepts port 80 from any source.
iptables -I INPUT 6 -p tcp -m tcp --dport 80 -j ACCEPT
## Add comments
# -m comment --comment attaches a label to the rule, shown when rules are
# listed. -s 192.168.1.1/32 limits the rule to that single source address.
iptables -A INPUT -s 192.168.1.1/32 -p tcp -m tcp --dport 80 -m comment --comment "office" -j ACCEPT
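## bulk change
# Append one ACCEPT rule per TCP port; PORTS is a space-separated list.
# Each rule accepts from ANY source address. For a service that should not be
# publicly reachable (3306 is commonly a MySQL/MariaDB listener), add a source
# restriction such as `-s <trusted-cidr>` (placeholder) to the rule.
PORTS="3306"
# $PORTS is left unquoted on purpose so the list splits on whitespace;
# "$PORT" is quoted so each entry reaches iptables as exactly one argument.
for PORT in $PORTS; do
  sudo iptables -A INPUT -p tcp -m tcp --dport "$PORT" -j ACCEPT
done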